/**
 * 
 */
package com.ar.myshares.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.social.security.SpringSocialConfigurer;

import com.ar.myshares.model.Role;

/**
 * @author hernan.gastaud
 *
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/rest/**").access("hasRole('" + Role.ADMINISTRATOR.name() + "') or hasRole('" + Role.TRADER + "')").and().formLogin().successHandler(new MySuccessHandler()).failureHandler(new MyFailureHandler());
		http.logout().logoutUrl("/logout");
		http.logout().logoutSuccessHandler(new LogoutSuccessHandler());
		// social
		http.authorizeRequests().and().authorizeRequests()
		// Anyone can access the urls
				.antMatchers("/auth/**", "/login", "/signup/**", "/user/register/**", "/").permitAll()
				// The rest of the our application is protected.
				.antMatchers("/rest/**").hasRole(Role.ADMINISTRATOR.name())
				// Adds the SocialAuthenticationFilter to Spring Security's
				// filter chain.
				.and().apply(new SpringSocialConfigurer());
		http.csrf().disable();
	}

}
